Register multiple domains to an Okta Active Directory (AD) agent
It is possible to register multiple domains to a single AD agent. However, these domains must be in the same forest and have a trust relationship with one another; otherwise the service account the agent runs as will not be able to connect to the other domains to register them.
NOTE: Before you can add additional domains to the AD agent, make sure the domains have an external trust and that the service account has sufficient privileges in all domains.
To configure additional domains on a single AD agent:
- From the server running the AD Agent, select Start > All Programs > Okta > Okta AD Agent > Okta AD Agent Manager.
- Select Domains.
- In the drop-down menu containing the grayed-out text, select the domain that you want to add, and then click Register. Alternatively, type the desired domain name in the field, and then click Register.
- A message appears stating that your new domain has been registered and prompts you to restart the agent. Optionally register additional domains. Restart your AD agent after you are finished.
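Before working through these steps, it is worth confirming the prerequisites above from the agent host: that each domain is in the same forest or has a trust, and that the agent's service account can actually bind to it. The following PowerShell pre-flight check is an added example, not part of Okta's documentation or the agent; it assumes the RSAT ActiveDirectory module is installed on the agent server, and the service account name and domain list are placeholders to replace.

```powershell
# Added example (not Okta's code): pre-flight check before registering extra domains
# in the Okta AD Agent Manager. Requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$ServiceAccount = 'CORP\svc-okta-agent'                              # placeholder: agent service account
$Domains        = @('corp.example.com', 'emea.corp.example.com')     # placeholders: domains to register

# Prompt for the service account's password so the bind test runs as that account,
# which is what the agent itself will do when it tries to register the domain.
$cred = Get-Credential -UserName $ServiceAccount -Message 'Okta AD agent service account password'

# The forest of the agent host; domains inside it trust each other implicitly.
$localForest = (Get-ADForest).Name

# Explicit trust objects visible from the local domain, keyed by trusted domain name.
$trusts = @{}
Get-ADTrust -Filter * | ForEach-Object { $trusts[$_.Name.ToLower()] = $_ }

foreach ($d in $Domains) {
    $result = [ordered]@{
        Domain                = $d
        SameForest            = $false
        TrustPresent          = $false
        ServiceAccountCanBind = $false
        Note                  = ''
    }
    try {
        # Bind to the target domain as the service account. If this fails,
        # registration from the Agent Manager will fail for the same reason.
        $adDomain = Get-ADDomain -Identity $d -Credential $cred -ErrorAction Stop
        $result.ServiceAccountCanBind = $true
        $result.SameForest   = ($adDomain.Forest -ieq $localForest)
        # Same-forest domains are covered by built-in parent/child or tree-root trusts;
        # anything else needs an explicit trust object.
        $result.TrustPresent = $result.SameForest -or $trusts.ContainsKey($d.ToLower())
    } catch {
        # Record the error text so an admin can see why the bind failed (DNS, trust, or rights).
        $result.Note = $_.Exception.Message
    }
    [pscustomobject]$result
}
```

Any row where SameForest, TrustPresent, or ServiceAccountCanBind is false should be fixed before clicking Register; the Note column carries the underlying error for failed binds.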